
Adding Threat Prevention exceptions by setting action to PREVENT to eliminate possibility of false negatives

Hello All,

I have a question regarding addition of exceptions to a Threat Prevention policy on perimeter gateways.

A few servers are running DNS queries to an external honeypot site, and not all of them are getting prevented by Anti-Bot. A few logs show "Detect" too.

I would like to write an exception on the TP policy and set the action to "Prevent". I want to try it to eliminate the possibility of any false negatives. (Refer to the attached image for the exception rule that I wanted to try.)

My question is: Is it normal to write TP exceptions and set the action to Prevent?

0 Kudos
3 Replies

I think for the DNS query, if you configure DNS Trap, it will show "Detect" instead of "Prevent". So seeing "Detect" for those might be normal, depending on your settings.

0 Kudos

Thanks a lot for the response @Cyber_Serge 

0 Kudos

Yes, support for TP exceptions with an action of Prevent (instead of the usual Detect or Inactive) was added in R80.10.

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos

